Names | spwebmember | |
Category | Tools | |
Type | Info stealer | |
Description | (NCC Group) spwebmember was written in Microsoft .NET and includes hardcoded values for client project names for data extraction. The tool would connect to the SQL SharePoint database and issue a query to dump all data from the database to a temporary file affixed with 'spdata'. | |
Information | <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0227/> |
Last change to this tool card: 22 April 2020
Download this tool card in JSON format
Previous: SprySOCKS
Next: SpyC23
Changed | Name | Country | Observed | ||
APT groups | |||||
Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon | 2010-Late 2022 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |